Free Isaca CGEIT Exam Questions

Become Isaca Certified with updated CGEIT exam questions and correct answers

Page: 1 / 138

Total 690 Questions | Updated On: Oct 27, 2025

Add To Cart

Question 1

The IT program manager does not see the value of conducting risk assessments for a new major IT project. The manager is reluctant to cooperate with internal auditors and the newly formed steering committee. Midway through the project, program requirements were changed because the CEO is a friend of a vendor and wants to implement this vendor's new technology. This decision will cause the current IT program budget to be insufficient and will be shown as overspending. After the requirement change request, the IT program manager should FIRST:

A : obtain confirmation from the business and a decision by the steering committee.

B : request additional funding from the business owner to cover the additional scope.

C : report the matter to internal audit as a program deviation to be reviewed.

D : align IT with the business and agree to the business request.

Answer: A

Question 2

To support the enterprise's digital transformation, the CIO has been asked to include an Internet of Things (lop component in the IT strategy. Which of the following should be the FIRST consideration?

A : uring loT usage in the industry has been analyzed

B : Ensuring loT can be used in current revenue streams

C : uring solution providers and their loT use cases have been researched

D : Ensuring initial approvals are limited to small loT projects to gain experience

Answer: A

Question 3

The FIRST step in aligning resource management to the enterprise's IT strategic plan would be to

A : develop a responsible, accountable, consulted and informed (RACI) chart

B : assign appropriate roles and responsibilities

C : perform a gap analysis

D : identify outsourcing opportunities

Answer: C

Question 4

Upcoming IT-related regulations carry costly penalties for an enterprise. The issuing regulatory agency has a history of weak enforcement. The IT steering committee should FIRST direct management to:

A : Develop mitigation plans for noncompliance.

B : Update the enterprise architecture (EA).

C : Evaluate the impact of the emerging risk.

D : Perform benchmarking activities.

Answer: C

Question 5

Which of the following would BEST enable an enterprise to ensure selected cloud vendors meet stringent regulatory requirements?

A : Stage gate reviews

B : Risk assessment

C : Internal audit report

D : Third-party audit reports

Answer: D

Page: 1 / 138

Total 690 Questions | Updated On: Oct 27, 2025

Add To Cart